AppSec Blog

Spot the Vuln - Wood - SQL injection

Details
Affected Software: WordPress Core
Fixed in Version: 2.2
Issue Type: SQL Injection
Original Code: Found Here

Description
This is a fairly straightforward SQL injection bug. First, although we can't see exactly where $args[] is set, we have some strong clues that it contains user/attacker-controlled data. For example, the first function on …


Spot the Vuln - Wood

Remember, a chip on the shoulder is a sure sign of wood higher up. - Brigham Young

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify …


Spot the Vuln - Vegetables - SQL Injection

Details
Affected Software: Short URL Plugin
Fixed in Version: Changeset 55280
Issue Type: SQL Injection
Original Code: Found Here

Description
This week's vulnerabilities were a couple of SQL injection bugs in the Short URL Plugin for WordPress. The symptoms for the issues indicate classic SQL injection; let's have a quick look at the code. First, …


Spot the Vuln - Vegetables

People need trouble — a little frustration to sharpen the spirit on, toughen it. Artists do; I don't mean you need to live in a rat hole or gutter, but you have to learn fortitude, endurance. Only vegetables are happy. - William Faulkner

Spot the Vuln uses code snippets from open source applications to demonstrate …


What's in Your iOS Image Cache?

Backgrounding and Snapshots

In iOS, when an application moves to the background, the system takes a screen shot of the application's main window. This screen shot is used to animate transitions when the app is reopened. For example, pressing the home button while using the logon screen of the Chase App results in the following …